Thanks for your feedback. The social integration is not complete yet, but we plan to add
support for more networks and the ability to link multiple social logins with the same
account soon.

Yes, when a user first logs in with a social login we create an account. It doesn't
have a password set, so by default the user can only log in with the social login. The user
can set a password if the user wants through the account management. Also, there's an
option to require users to review their profile on first login with social login. For
example, Twitter doesn't provide an email address, so if you require emails for users you
can use this option to make sure all users will provide one.

Made me think that someone may want to only allow social logins and completely disable
password logins. We could provide an option to enable this, which would mean that on the
login form only the social logins would be shown, and in the account management the reset
password option wouldn't be displayed. Is that something you're interested in?

With regards to LDAP/AD we haven't decided exactly how that'll work, but the
current thinking is that we'll sync users to/from an LDAP/AD server into the Keycloak
store. This will be fully automated and run in the background to provide a more or less
consistent view between LDAP/AD and Keycloak.

----- Original Message -----
From: "Matt Casperson" <mcaspers(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Friday, 6 December, 2013 1:50:42 AM
Subject: [keycloak-dev] Can KeyCloack be used without any passwords?

I'd just like to say that KeyCloak looks like a great project. It will be
nice not to have to reinvent the account management wheel every time you
write an app.

I have a couple of questions about KeyCloak:

1. After playing with the demo it looks like first time social logins require
a local user account to be created. Is this a fixed requirement, or is it
possible for people to log in from Google/Twitter/Facebook without a local
user account? Or at least with a local account that has no password? I ask
because ideally we would like to never deal with any user passwords
whatsoever, and defer all password management to external services.

2. Do you expect the LDAP or AD support to work like a social login i.e. will
users with local network accounts be required to create a KeyCloak user
account in addition to their network account?

3. Is it possible to associate multiple social logins with a single account?
Something like what Stack Exchange does where you can add a Google and a
Facebook account to your existing SE account.

Regards

Matthew Casperson
RHCE, RHCJA # 111-072-237
Red Hat Engineering Content Services
Brisbane, Australia